Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Unused Liquidity Index Update Mechanism in `RToken`

0xnforcer

Summary

The constructor initializes _liquidityIndex to 1 RAY, and the RToken::updateLiquidityIndex function exists to maintain it. However, the LendingPool contract never calls updateLiquidityIndex, causing _liquidityIndex to remain at 1 RAY permanently instead of reflecting the actual interest accrual.

Vulnerability Details

  • RToken defines an updateLiquidityIndex function to synchronize its _liquidityIndex with the LendingPool.

  • The LendingPool never invokes this function, meaning _liquidityIndex stays at the default value (1 RAY).

  • As a result, any logic depending on a changing _liquidityIndex is rendered ineffective.

This function is never called.

/**
* @notice Updates the liquidity index
* @param newLiquidityIndex The new liquidity index
*/
function updateLiquidityIndex(uint256 newLiquidityIndex) external override onlyReservePool {
if (newLiquidityIndex < _liquidityIndex) revert InvalidAmount();
_liquidityIndex = newLiquidityIndex;
emit LiquidityIndexUpdated(newLiquidityIndex);
}

Impact

Since _liquidityIndex never updates, the contract fails to capture the true growth or decline of underlying value. This leads to inaccuracies in user balances or interest calculations tied to liquidity indexing.

Tools Used

Manual Review

Recommendations

Ensure the LendingPool contract actually calls RToken::updateLiquidityIndex whenever liquidity index changes.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::updateLiquidityIndex() has onlyReservePool modifier but LendingPool never calls it, causing transferFrom() to use stale liquidity index values

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.